Sunday, December 12, 2010

Data Protection – For the Rich Only?

“Preventing improper information leaks is a greatest challenge
of the modern society” state Aldini and Alessandra (2008). There are
virtually countless ways (channels) through which sensitive data can
be leaked. First, there is the question of intent: data leakage can
be intentional, for example through a disgruntled employee who wishes
to take a “souvenir” home, or unintentional, as a result of a
simple misunderstanding of security best practices. Then, the technical
and business environment should be evaluated and assessed to
determine the most efficient and cost-effective way to safeguard the
data.
When discussing data leakage and protection in the consumer
market, the boundaries between intentional and unintentional data
leakage blur. Security-aware consumers do not disclose
information such as credit card numbers, bank accounts and birth
dates publicly; it is therefore safe to assume that such information
is published either as a result of a lack of understanding of security
best practices or through malicious information theft.
Chichowski (2010) notes seven technologies that could prevent or
limit data leakage for small and medium businesses. These include
hosted email security, Web/URL filtering, anti-malware software,
patch management and whole disk encryption. Google (2010) provides a
similar checklist consisting of eighteen items to make sure
information is secure. Based on the Pareto principle, by implementing
those technologies a consumer could reduce the overall risk of data
leakage by 80%. The question arises: are these technologies for the
rich only?
Instead of using locally installed email security software, which
is capable of filtering spam, detecting phishing attacks and scanning
for viruses, a consumer could use web-based email accounts such as
Google, Live and Yahoo, which provide different levels of security.
For example, Google Mail provides all of the above-mentioned
capabilities in addition to free storage space.
A number of security software vendors, including segment leaders
such as Symantec and Kaspersky, offer free anti-malware scans capable
of detecting “viruses, Trojans, Spyware or other malicious codes”
(Kaspersky, 2010). In addition, free security software such as McAfee
SiteAdvisor and AVG LinkScanner allows users to check the reputation
of each website before opening it in a browser.
Today, update or patch management technologies are an integral part
of operating systems and consumer applications. For example,
Microsoft Windows 7, Ubuntu and Mac OS X all come with a built-in
update manager, which informs the user when security and regular
updates become available. On Ubuntu, the patch management software
also updates applications managed by the operating system, such as
OpenOffice, the Firefox web browser and Adobe Reader.
Full disk encryption technology is intended to provide last-resort
protection in case a laptop or a desktop is stolen. Encrypting the
data stored on non-volatile memory devices such as a hard drive,
solid-state disk or removable USB device prevents malicious users from
accessing the stored information. In addition to corporate
solutions such as PGP Full Disk Encryption, McAfee Endpoint
Encryption and Check Point Full Disk Encryption, there are a number of
free applications capable of protecting the data. These are: Microsoft
BitLocker Drive Encryption and TrueCrypt.
It is evident that security-aware businesses and consumers
have a wealth of options when it comes to technological solutions to
protect sensitive or personal information. According to AVG
Technologies (2010) only “46% of identity theft victims installed
antivirus, anti-spyware, or a firewall on their computer after their
loss”; therefore the main problem lies in the security awareness of
the users rather than in the availability or cost of data leakage
prevention solutions. While in large enterprises the Chief Information
Security Officer (CISO) is required to provide internal employees
with a security awareness program, the question that remains
open is: who is responsible for educating the end user when it
comes to the consumer market?